Presentation on theme: "Continually improving products and services to protect against cyber-attacks targeting administration First in Windows Server, and Active Directory......Next."— Presentation transcript:
Research & Preparation First Workstation Compromised 24-48 Hours Domain Admin Compromised Data Exfiltration (Attacker Undetected) 11-14 months Attack Discovered External attackers find admins Use spear-phishing, password guessing,... Leverage Active Directory for lateral movement
Learn more at CDP-B415 “JEA: A PowerShell Toolkit to Secure a Post-Snowden World” Tuesday, October 28 5:00 PM - 6:15 PM Room: Hall 8.1 Room J
Users might have rights they don’t need (and don’t know they have)
Least Privilege – Just in Time (JIT) Access, part of Best Practices for Securing AD #7: Eliminate permanent membership in highly privileged groups. #8: Grant temporary membership in privileged groups when needed.
Prepare Which users have privileged access rights based on AD groups? Protect Step-up lifecycle and AuthN protection of privileged user accounts Operate Users can request Just In Time (JIT) and Just Enough administrator access privileges Monitor Additional auditing, alerts & reports, of privileged access requests
Tue, Oct 28 5:00 PM - 6:15 PMCDP-B415JEA: A PowerShell Toolkit to Secure a Post-Snowden World Wed, Oct 29 8:30 AM-9:45 AMEM-B316Directory Integration: Creating One Directory with Active Directory and Azure Active Directory Wed, Oct 29 3:15 PM-4:30 PMEM-B319Microsoft Identity Manager vNext Overview Wed, Oct 29 3:15 PM-4:30 PMCDP-B210Cloud Identity: Microsoft Azure Active Directory Explained Wed, Oct 29 5:00 PM-6:15 PMEM-B318Free Your Apps: Introducing Microsoft Azure Active Directory Application Proxy and Windows Server Web Application Proxy Thu, Oct 30 10:15 AM-11:30 AMCDP-B312Microsoft Azure Active Directory Premium, in Depth Fri, Oct 31 2:45 PM-4:00 PMEM-B313Microsoft Azure Multi-Factor Authentication Deep Dive: Securing Access on Premises and in the Cloud Thu, Oct 30 12:00 PM-1:15 PMEM-B310Active Directory + BYOD = Peace of Mind Thu, Oct 30 5:00 PM-6:15 PMDEV-B322Building Web Apps and Mobile Apps Using Microsoft Azure Active Directory for Identity Management Fri, Oct 31 8:30 AM-9:45 AMCDP-B207Securing Organizations: Azure Active Directory Intelligence as a Differentiator Fri, Oct 31 2:45 PM - 4:00 PMCDP-B313Leveraging Service Management Automation and Windows PowerShell JEA in Service Provider Operations